From owner-freebsd-hackers  Wed May 29 22:14:28 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from patrocles.silby.com (d62.as10.nwbl0.wi.voyager.net [169.207.131.62])
	by hub.freebsd.org (Postfix) with ESMTP id 471BA37B413
	for <freebsd-hackers@FreeBSD.ORG>; Wed, 29 May 2002 22:14:01 -0700 (PDT)
Received: from patrocles.silby.com (localhost [127.0.0.1])
	by patrocles.silby.com (8.12.3/8.12.3) with ESMTP id g4U5F7OA017105;
	Thu, 30 May 2002 00:15:07 -0500 (CDT)
	(envelope-from silby@silby.com)
Received: from localhost (silby@localhost)
	by patrocles.silby.com (8.12.3/8.12.3/Submit) with ESMTP id g4U5F3Xt017102;
	Thu, 30 May 2002 00:15:05 -0500 (CDT)
X-Authentication-Warning: patrocles.silby.com: silby owned process doing -bs
Date: Thu, 30 May 2002 00:15:02 -0500 (CDT)
From: Mike Silbersack <silby@silby.com>
To: Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: sandboxing untrusted binaries
In-Reply-To: <20020530025817.GA4390@no-support.loc>
Message-ID: <20020530001247.F16869-100000@patrocles.silby.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=X-UNKNOWN
Content-Transfer-Encoding: QUOTED-PRINTABLE
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG


On Thu, 30 May 2002, Bjoern Fischer wrote:

> Hello,
>
> OpenBSD has a new interesting feature: systrace. It is a system call
> policy generator for "sandboxing" untrusted or semi-trusted binaries.
>
> The whole idea looks interesting. The implementation details look
> relatively simple (read: not too complicated). Anyone interested in
> having a closer look and maybe porting it?
>
> Or I will try to port it myself if at least one core member says:
> "Interesting technology, send a patch..."
>
> http://www.citi.umich.edu/u/provos/systrace/
>
> Bj=F6rn Fischer

You might want to talk to Robert Watson and see if the concept overlaps or
conflicts with anything he's doing as part of the TrustedBSD project.

As long as systrace does not conflict with what he's doing and does not
introduce the possibility of new security holes, I'm suspect that a port
of the code would not meet much resistance.

Go for it!

Mike "Silby" Silbersack


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message